IoT’s lesson from PCI: Commercial motivation is Crucial | Cypress Semiconductor

This is part two of What IoT can learn from the Payment Card Industry

We ended part one discussing the IoT industry’s need for managing costs associated with security, and how the payment industry addressed this through normalization. However, IoT application and infrastructure fragmentation is much greater than in the homogeneous PCI market. Each component of a total IoT product – cloud platform, connectivity, end application – has multiple variations. AWS or Azure? Wi-Fi or LTE? Thermostat or Smart Speaker? These variations make it difficult for a normalizing effort for security to emerge. However, there are early signs that progress is being made.

One example of a normalizing force is government-led legislation and policies. In the US, California has made the first move with the California Consumer Privacy Act (SB-327). Similar legislation is being put forth in at least nine other states (as of this writing), adding to the momentum. In Europe, the EU and the European Telecommunications Standards Institute (ETSI) both have active initiatives that are attempting to address end-user privacy.

Industry-led initiatives also have a normalizing effect. One of the more visible efforts is the Platform Security Architecture (PSA) initiative. It is safe to say that the vast majority of IoT devices today incorporate at least one Arm processor. As such, Arm is leading this initiative to make security implementation easy and cost effective for devices that use their processors.

Cypress welcomes these normative efforts. They increase consumer awareness, and they serve to offer commercial motivation in the form of legal compliance and operational expense efficiency. This is important because normative efforts must address commercial motivation to be credible, and therefore to be effective.

These efforts are still taking shape. So, what can a secure IoT solution provider like Cypress offer in the meantime? Our approach is to provide an embedded security foundation that aligns to the commercial motivations that these efforts present. Specifically, this means:

  • Providing supply chain cost efficiency by offering standard, off-the-shelf secure devices with customization occurring later in the supply chain. This eliminates the costs of special handling and customized product inventory prior to devices being purchased. In addition, provisioning occurs as an extension of programming. All MCUs with embedded Flash require programming, and bear supply chain overhead to do so. Sharing this overhead with provisioning extracts efficiency.
  • Supporting any cloud. Maintaining control over data privacy is essential and depends upon managing device and network integrity. Secure device management is a critical capability that tends to have implementation dependencies on the cloud platform, including proprietary platforms. Flexibility is an important enabler for competitive differentiation.
  • Using standardized embedded secure services, which are available for the embedded system, enables design reuse and provides standard APIs for secure cloud applications such as firmware update. This secure-by-design approach yields efficiency for engineering, network operations, and for legal compliance.

More specifically, Cypress is tackling this issue with solutions based on our PSoC 64 Secure MCUs. PSoC 64 based solutions have been developed with the entire IoT device lifecycle in mind, and therefore, specifically provide the benefits that align to the normative efforts that are underway.

We’re still a long way from the finish line, but Cypress is committed to the cause – your cause! We’ll always be there for our customers and ecosystem partners to ensure their products meet the latest security standards while also aligning to the commercial.
